Change log for INTEL471_WATCHER_ALERTS
| Date | Changes |
|---|---|
| 2025-04-03 | - `event.idm.read_only_udm.metadata.additional.fields`: Newly mapped `report.uid` and `report.admiraltyCode` raw log field with `event.idm.read_only_udm.metadata.additional.fields` UDM field.
- `event.idm.read_only_udm.metadata.description`: Newly mapped `report.subject` raw log field with `event.idm.read_only_udm.metadata.description` UDM field. - `event.idm.read_only_udm.principal.url`: Newly mapped `report.portalReportUrl` raw log field with `event.idm.read_only_udm.principal.url` UDM field. - `event.idm.read_only_udm.metadata.event_timestamp`: Newly mapped `report.released` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM field. |
| 2025-03-11 | - Mapped "post.links.forum.description" and "actor.links.reports.subject" to "metadata.description".
- Mapped "post.links.authorActor.uid", "data_leak_post.uid" and "actor.uid" to "principal.user.userid". - Mapped "post.links.authorActor.handle" and "actor.links.reports.actorHandle" to "principal.user.attribute.labels". - Mapped "data_leak_post.file_listing.download_url" and "actor.links.reports.portalReportUrl" to "principal.url". - Mapped "post.links.forum.uid", "post.links.forum.name", "post.links.thread.uid", "post.links.thread.topic", "post.links.thread.count", "post.uid", "post.message", "highlights.field", "highlights.chunks.text", "highlights.chunks.hl", "actor.links.forumTotalCount", "actor.links.forumPrivateMessageTotalCount", "actor.links.instantMessageChannelTotalCount", "actor.links.reportTotalCount", "actor.links.instantMessageTotalCount", "actor.links.instantMessageServerTotalCount", "actor.links.forumPostTotalCount", "actor.lastUpdated", "actor.activeFrom", "actor.activeUntil", "data_leak_post.chunk_number", "data_leak_post.links.blog.uid", "data_leak_post.links.blog.name", "data_leak_post.links.thread.uid", "data_leak_post.links.thread.topic", "data_leak_post.links.thread.count", "data_leak_post.message", "actor.links.reports.uid", "actor.links.reports.admiraltyCode", "actor.links.reports.dateOfInformation" to "additional.fields". |
| 2024-10-17 | - Newly created parser.
|